Crash Offsets

I think it might be commodities for jobs.

I can’t test this for a couple of hours, but we have an entry for:

[Commodity]
nickname = commodity_bounty_voucher
ids_name = 524505
ids_info = 524506
units_per_container = 1
pod_appearance = cargopod_blue
loot_appearance = lootcrate_blue
decay_per_second = 0
volume = 0
hit_pts = 250

in st_equip.ini and a goods.ini entry for it. They’re in NPC cargoholds right now (and don’t seem to drop, but perhaps that’s another issue)

Could this be doing it?

The good and equipment nicknames must be the same, so provided the good is also [c]commodity_bounty_voucher[/c] it looks okay.

Removing reference to the new commodity doesn’t seem to fix the crash. When you say commodities for jobs, do you mean the stuff that npcs drop as mission objectives to capture/destroy or something else?

Mission objective (it seems to point to a commodity nickname, so that’s what I’m assuming).

So I’ve isolated this to rmlootprops.ini. We removed some entries (as various guns are not being used anymore and we don’t want them to drop)

I’m not entirely sure what’s causing it to crash, but it seems if certain things are made unavailable (notably if I change the faction to a placeholder one) the bar crashes the game/server. I guess I’ll adjust drop rates using the lootable flag rather than using this file.

03954990 ((module-name not available)): (filename not available): IServerImpl::DumpPacketStats

Source: D:\Games\Aftermath\EXE\SERVER.dll
RelExpAddr: 0x702064
ExpCode: 0x3221225477
ExpFlags: 0
ExpAddress: 0x03954990

Triggered by warping to a base that doesn’t have a physical presence, but has an mbase and universe entry, I think.I was warping to st03b_01_base for testing.

One to add from Laz’s crash hopper:

0E99458F ((module-name not available)): (filename not available): IDLL::operator=

    Unhandled Exception!
    -- Important Information --

    Source: C:\Program Files (x86)\Microsoft Games\Freelancer\dlls\bin\Content.dll
    RelExpAddr: 0x526961
    ExpCode: 0x3221225477
    ExpFlags: 0
    ExpAddress: 0x0E99458F
    Please report!

Patrol encounter contains a faction that is not defined in the related base’s [BaseFaction] entries.

Found a pretty weird one

Faulting application name: Freelancer.exe, version: 1.0.1223.11, time stamp: 0x3e401b79
Faulting module name: Common.dll, version: 1.0.1223.11, time stamp: 0x3e401cd3
Exception code: 0xc0000005
Fault offset: 0x0004aa02
Faulting process id: 0x57c4
Faulting application start time: 0x01d6250f11a08173
Faulting application path: E:\freelancer - Copy\EXE\Freelancer.exe
Faulting module path: E:\freelancer - Copy\EXE\Common.dll
Report Id: 5f2ff1c2-ff4e-4c35-a15c-8bee5b355791
Faulting package full name: 
Faulting package-relative application ID: 

It happened when an NPC that was using a weapon that’s model wasn’t actually set to be a gun model is destroyed.
Instead of the gun set to use the li_rad_launcher it was set to use the li_rad_missile model.

I’ve done my best to collate the offsets in this thread into a wiki page. Still a bit of a mess, and I’ve probably missed a few. Please feel free to add/adjust stuff as you all see fit! Figured it’d be a bit easier to search through this page than the entire thread.

https://the-starport.net/modules/mediawiki/index.php/Crash_Offsets

Looks good. Maybe omitting the 0x prefix as in the Limit Breaking 101 wiki looks nicer?

I’ll have a look at it! There’s a few offsets here that I haven’t put in as I’m not really familiar with converting from relative to absolute/etc and not want to completely muck things up. If anyone who’s a bit more knowledgeable feels like adding stuff I missed that’d be really great.

I like the 0x part for copying to my code purposes. Time saver.

0x00012e10 in content.dll
0x062FFBEB in common.dll

Relates to a bad NPC costume (inconsistent gender choices according to IDA) in mBases.ini. Many thanks to Laz for helping pin this one down.

0x0004fe6c in common.dll

CShip::Launch causes a CTD when the client and server don’t have matching base nicknames in the [Object] entry in a system INI. The client is the one that has the CTD.

Example:
Reproducible by running a vanilla v1.1 server and a JFLP v1.25 client and undocking from either Ronnenburg Base or Yanagi Depot. Client crashes immediately at undocking cutscene. If the inverse is performed, the same outcome is achieved.

Reason:
Vanilla entry for Ronnenburg is nickname = Bw02_02_Base, JFLP v1.25 entry is nickname = Bw02_02
Vanilla entry for Yanagi Depot is nickname = Bw05_03_Base, JFLP v1.25 entry is nickname = Bw05_03

Why:
FL multiplayer black magic?

Just thought I’d drop in and mention that the crash offset database is now available as a json payload through the new TSP wiki!

https://wiki.the-starport.net/wiki/fl-binaries/crash-offsets

If you have any automation or scripts that handle Freelancer when it crashes, you can call on this file to try and correlate the offset with your Windows Event logs. A working example of how you might go about doing this can be found here.

Got a new crash for a new forum! I’ve not been able to pin this one down at all:

Freelancer.exe, PID 12824 has stopped unexpectedly at 20:29:51 after running for 124.8607 seconds. Fetching crash event from Application logs... 
Source Name: Application Error
Event ID: 1000
Exception Code: 0xc0000005
Faulting Application Name: Freelancer.exe, version 0.1.1223.11, PID 12824
Faulting Application Path: C:\Users\User\AppData\Roaming\freelancer-bmod\EXE\Freelancer.exe
Faulting Module Name: ntdll.dll, version 10.0.19041.3693
Faulting Module Path: C:\Windows\SYSTEM32\ntdll.dll
Fault Offset: 0x0004591f
Attempting to fetch JSON crash information from the Starport KnowledgeBase...
No crash offset at 0x0004591f in ntdll.dll has been documented previously. Please determine the cause of the crash and submit an update to the Starport KnowledgeBase

Not been able to replicate this one reliably, which is a bit frustrating, and I’m not really sure where to start investigating as it’s a system DLL. Any ideas? Suspect it’s related to NPCs in some way, given what I was doing when this occurred.

Could you run it in a debugger (OllyDbg, x64dbg, WinDbg)? That would enable you get a call trace and (hopefully) find where in Freelancer it called the system.

Unfortunately I’ve been unable to reliably replicate this one and haven’t been able to get the game to crash in the same area again! I’ve made a note so it should flag up the next time it occurs while I’m testing. If I can reliably get it crashing I’ll try running it with my client hooks w/ the debugger attached, and if that fails, with OllyDbg

I have tried to keep myself out of Freelancer for a time, but I found a way to start story missions in a live server though some weird tricks, I couldnt help myself to finish this thing, in that time I have documented some crash offsets that might be useful

(If anyone wants to see how I did this, I put the source code in the Moddb website in the download link, “Freelancer Co-Op Campaign Mode”, my code is very bad but StartStory() function explains how it is done)

content.dll+1aa9f
_SendMessage (Server uses this to communicate with every function) crashes due to following reason;
if anyone calls Story mission "Act_State = SUCCEED" server will call DestroyInstance for every story instances are running, it will crash the server if there are more than 1 in action 

this can be temporarily fixed by altering the function, which prevents DestroyInstance erase Story instances (it will only stop the last instance which Co-Op mod does for 0x1 iClientID)
(BIG NOTE: this offset effects even random missions, restart the server as soon as "missions" ends)
(Another big note: Act_State = SUCCEED" function itself needs to be changed, in order to have everyone their own instances and make them successfuly finish)

content.dll+49c95
settimer assignment error, unstable instance for unknown reasons

content.dll+89651
reputation based error (happened when SP Story reputation functions are enabled in MP)

content.dll+2d541
story manager tried to submit an order/reputation to a NPC that does not exist
documented this bug at SpawnShip within initState = ACTIVE trigger

content.dll+55796
Client crashed during MP base cutscene when server shut down (crash in DestroyInstance)

content.dll+25cc9
Story trigger, Act_LockDock error?, possible nullpointer base? it might be related to other story triggers too(Previous OPjump does initilaize every trigger of story manager)

Content.dll+2FE8F
AI logic error, as far as I can tell, 3 different functions use this area, one of them controls their orders as they spawn and the other one upon destruction

Common.dll+6c282
Group formation leader error, unknown

Freelancer.exe+13d55a
Client tried to dock to a solar that does not exist from its perspective, either done through SwitchOut or following a formation leader that is docking

Freelancer.exe+1469F6
Client tried to sends its targetting information to the server, but failed (tried to target during SystemSwitchOut)

Freelancer.exe+001aad50
Based on pure speculation, Client tried to switch chars during server froze and it crashed

UNKNOWN/UNKNOWN
Observed multiple times, if a Story mission called a [Trigger] but has no Cnd_ condition line

Server.dll+f988
Client and Server failed to sync jump destination system, causes crash in Singleplayer